We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Care Home Fined £15,000 for Sensitive Personal Information Leak

Regular readers will note that Employment Matters often features developments in the area of data privacy enforcement and powers relating to breaches of information rights. In another example of data privacy infringement, following an investigation by the Information Commissioner’s Office, a Northern Irish care home has been fined £15,000. The breach that triggered the investigation occurred after an employee at the Whitehead Nursing Group care home had taken an unencrypted work laptop home, which was then stolen during a burglary. The laptop had details of residents’ birth dates and health records and disciplinary and sickness records for staff. The investigation uncovered other systemic failings in the care home’s data protection. The fine is proportional to the size of the organisation (up to £500,000 being possible), and there were a number of mitigating factors.

What Should Employers Do Next?

Ensure that a robust data protection policy is not only in place, but being complied with by all those with access to sensitive material. Whilst fines to date have been relatively modest, it is clear that the Information Commissioner is prepared to use its powers, which are significant for serious breaches by large organisations.

Compare jurisdictions: Employment & Labor: International

“I make an effort to read at least several articles each day and regularly share the particularly relevant or interesting articles with my colleagues. I greatly appreciate the inclusion of the Lexology service by the State Bar of Texas and have recommended that my friends and colleagues join the Corporate Counsel Section of the State Bar in order to obtain this service for themselves.”